IETF Logo Mail Archive

Re: [dmarc-ietf] About user notification in the MUA

Stan Kalisch <stan@glyphein.mailforce.net> Mon, 08 June 2020 21:17 UTC

Return-Path: <stan@glyphein.mailforce.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E69EF3A00B3 for <dmarc@ietfa.amsl.com>; Mon, 8 Jun 2020 14:17:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailforce.net header.b=LQoIQS1G; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=eXdl+7PQ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vLKQOR4Zq_1p for <dmarc@ietfa.amsl.com>; Mon, 8 Jun 2020 14:17:34 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 879483A00C4 for <dmarc@ietf.org>; Mon, 8 Jun 2020 14:17:34 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id DA0E45C00EB for <dmarc@ietf.org>; Mon, 8 Jun 2020 17:17:33 -0400 (EDT)
Received: from imap6 ([10.202.2.56]) by compute2.internal (MEProxy); Mon, 08 Jun 2020 17:17:33 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailforce.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm3; bh=9pbahZ21xwLzkmNfd0mdQGh6UUIVFtP 8T3sAtGMC/8k=; b=LQoIQS1Gqw48tdPnqzZrnJayDpfnh9oqFBRJPesv8mMZCmE NbStt6CauzqSE38MaQ62JV7tcGI/GJmmL0w9Fpjkso+Jd6IpfGDyjxEf44gh3r/j tYo0Rxq1ZyQzbLP+O+MHep1Xd15/AXf17vPSPGD3Dw3dB4EvxHA5I/3HWTgj9M2/ /WS0xRGWtF1gpzegLf1rOKxuKyyy6TkjFIK0+JGQiXHMbYAewZc5M63dA6q2XF+4 ZoWZxeZXSUEIoTG/mirt2sh0GdGUwP4Wk8rIdAXNDIvIwn9deSz1CLwSOz2aPVzh 0gfqehRttKBNq+XbZzbnVQzL7sNFP5+jhLBNG1g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=9pbahZ 21xwLzkmNfd0mdQGh6UUIVFtP8T3sAtGMC/8k=; b=eXdl+7PQyEkE1e9vJAToUw 9MEs3ZagaN7++Uk2pfiohk7LN5e0UKrAMLOr3Qz5T//OcM9QXCJOMs6rh8/h6QrZ BVckKagPviuI751Dsub/+XK6iOKdAzfQDhFpSlC+/e4B7g+UwKioMdyOrOMt3aQ9 2x81/iBZJxEpTDsww9+6lxSYi/Y9jXWz+c5zBaAAZI/E4miOHb0rY4wVd5KC9PgU kh/C49P5mhwd13A0ZScjX8tNBjLZI7xKpiju59H31CGY0pHUyZXeJ0AW+2w0dC/i XROf8XJ8dHH0M/7u55tZB/Hd+oOWCXnz+RUFCYuZRFunoiQBEpGL6jPmIR6UKwaA ==
X-ME-Sender: <xms:7areXs5clRgNchu6LL4Z5vwwNXaF4wjPgGS93h-bNdyB4rLkU_Q_xg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrudehvddgleelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsegrtd erreerredtnecuhfhrohhmpedfufhtrghnucfmrghlihhstghhfdcuoehsthgrnhesghhl hihphhgvihhnrdhmrghilhhfohhrtggvrdhnvghtqeenucggtffrrghtthgvrhhnpeeuie egleevvdegtdefhfffhfekhedtuedvueeikeduueevfeetffelgeehhffhvdenucffohhm rghinhepuhhsrggslhgvshgvtghurhhithihrdhorhhgpdhivghtfhdrohhrghenucevlh hushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehsthgrnhesghhl hihphhgvihhnrdhmrghilhhfohhrtggvrdhnvght
X-ME-Proxy: <xmx:7areXt6z1yKy6qagfVVy1TtU21WU5Jfbn_M6tOwwXxhHEjQtmxIJnQ> <xmx:7areXrdhee1GXoJYST43Ug5_uWbQD9jV9-xNmYk5HV-rLq0oVguaJg> <xmx:7areXhJxEDbfOn2SZrNeV1fPJr2GGnCAYqSjEliSjCShsYpUTtpW0Q> <xmx:7areXvbaUYmjxIrBVnfS_Ds5ME-VbnIf5pyISq4L9sYxPR-fi81SVA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 808851400A7; Mon, 8 Jun 2020 17:17:33 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-dev0-519-g0f677ba-fm-20200601.001-g0f677ba6
Mime-Version: 1.0
Message-Id: <03782197-b1b7-4218-9382-a92259bec048@www.fastmail.com>
In-Reply-To: <3eb519fc08214b4bb23ed00737cdc0db@bayviewphysicians.com>
References: <DM5PR0601MB367115AD49513EAF3953716CF68B0@DM5PR0601MB3671.namprd06.prod.outlook.com> <11640715.3lbasgNmsr@sk-desktop> <25420528-d356-0273-ceb3-c44a3c94bc91@gmail.com> <3138524.EPDo7oxCqE@sk-desktop> <4620e21f-32c5-7735-9faf-a5b045f84c0d@bluepopcorn.net> <ac0f684a-4c00-0564-8cf9-5b955e037c87@tana.it> <14fe18acad53467a8027e680dfc1067e@bayviewphysicians.com> <46e045ae-9691-4f5b-86bf-142c066458d8@www.fastmail.com> <fbbcc299-98f3-5d23-15e1-1f89fa03b9a7@gmail.com> <dbcc34fb870e45b2b1cd3903b90b8a87@bayviewphysicians.com> <33b12416-cd41-4826-9950-3afc9fdb83bf@www.fastmail.com> <3eb519fc08214b4bb23ed00737cdc0db@bayviewphysicians.com>
Date: Mon, 08 Jun 2020 17:17:08 -0400
From: Stan Kalisch <stan@glyphein.mailforce.net>
To: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="812ae218b7d540d7b66536f0a0aa78a3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/U6GPpAcj6L7z7AxFC1-XRRGEI0s>
Subject: Re: [dmarc-ietf] About user notification in the MUA
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2020 21:17:37 -0000

On Mon, Jun 8, 2020, at 2:03 AM, Douglas E. Foster wrote:
> Stan Kalisch asks: And you propose the average user can understand, much less take the time to understand, the substance?
> 
> Yes. I believe users are worried about spam, and want to make intelligent decisions about whether or not email can be trusted. Unfortunately, our present software denies them access to the available information needed to make intelligent decisions.

See, I believe they want to, too, but, anecdotally, I can think of a number of intelligent people I can't explain DMARC to in a substantive manner in a short period of time. And the research bears these kinds of anecdotes out.

What I've tried to establish here is that you really have to take the initiative if you want to come up with a system that can present the kind of data you want presented to the users. You're missing the point that a number of people with a great deal of experience have tried, and think it's either impossible or very unlikely. So simply asking the community to come up with a solution won't be enough, because the community has labored to find a solution for a very long time.

A good place for you to begin would probably be this paper:
http://www.usablesecurity.org/emperor/


Stan

> 
> Dave Crocker observes: There is no basis for believing that requests about MUA display will achieve meaningful support on the receive side, nevermind whether they would be at all useful. 
> 
> I was not talking about the sender. I was talking entirely about the receiving organization: its spam filter communicating to its MUA to communicate information to the end user based on its local policy.
> 
> Dave Crocker also observes about end-user signaling failures: It's not that it 'seems to be'. It isn't nearly that soft. It is that there have been multiple efforts over the years and none has demonstrated efficacy.
> 
>  Then lets restate that assertion in all its ugly elitism, and put it into an RFC:
> 
> Incontrovertible research shows that humans will always act on malicious email, and cannot be taught to do otherwise. Organizations should deploy email if and only if they have automated tools which provide perfect protection from unwanted email. End user training is useless.
> 
> I have a higher opinion about my users than that.
> 
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email